Of course, I was still trying to get work done at 10:30pm, but it was a nice 45-minute distraction from my dozens (or hundreds) of 802.1X technical pages.

You, too, can bask in the amusement that is Shimel and Ashley’s SSAATY Podcast and hear a few of my random thoughts and ramblings. I have a few more thoughts to throw on the Rohati pile probably, but we’ll get to that another day.

Below if from Alan’s blog post.

StillSecure, After all these years, #55 - JJ in the house

Episode 55 of SSAATY is a fun one.  Mitchell and I are joined by JJ, Jenifer Jabbusch of Security Uncorked blog.  JJ is someone I have gotten to know over the last year or so and she is a lot of fun. On top of that she is very technical and huge supporter of 802.1x, NAC and security in general.

JJ, Mitchell and I talk about Rohati, NAC, 802.1x and a bunch of other stuff in our usual rambling, stream of consciousness style.  It is about 40 minutes of informative good times.

If you like the content of these shows or have any other comments or questions, please drop us a line at podcast@stillsecure.com

Thanks to ClickCaster for hosting our podcast. Tonight’s music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley.

Listen online here:
http://www.clickcaster.com/channel/item/stillsecure—after-all-these-years—podcast-55-with-jj

# # #

Episode 55 of SSAATY is a fun one.  Mitchell and I are joined by JJ, Jenifer Jabbusch of Security Uncorked blog.  JJ is someone I have gotten to know over the last year or so and she is a lot of fun. On top of that she is very technical and huge supporter of 802.1x, NAC and security in general.

JJ, Mitchell and I talk abour Rohati, NAC, 802.1x and a bunch of other stuff in our usal rambling, stream of consciousness style.  It is about 40 minutes of informative good times.

If you like the content of these shows or have any other comments or questions, please drop us a line at podcast@stillsecure.com

Thanks to ClickCaster for hosting our podcast. Tonights music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!

Or download here:

mp3 

Episode 55 of SSAATY is a fun one.  Mitchell and I are joined by JJ, Jenifer Jabbusch of Security Uncorked blog.  JJ is someone I have gotten to know over the last year or so and she is a lot of fun. On top of that she is very technical and huge supporter of 802.1x, NAC and security in general.

JJ, Mitchell and I talk abour Rohati, NAC, 802.1x and a bunch of other stuff in our usal rambling, stream of consciousness style.  It is about 40 minutes of informative good times.

If you like the content of these shows or have any other comments or questions, please drop us a line at podcast@stillsecure.com

Thanks to ClickCaster for hosting our podcast. Tonights music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!

Or download here:

mp3 

Last week in response to Richard Stiennon's glowing write up, I questioned what it is exactly that Rohati does. Well someone from Rohati must have seen it and I was contacted by the Rohati team and offered a peek and a deep explanation of exactly what Rohati does.  So today I had a chance to speak with Shane Buckley, CEO, Prashant Ghandi VP of product management and strategy and Steven Wastie, VP of marketing.  I was impressed that such a triumvirate of power players from the Rohati team took the time to speak to me.  But I guess after I wrote what I did, it was followed up by JJ writing her article on it and than Rothman piling on with his own two cents. 

Give the Rohati team credit for recognizing the power of blogs to influence the influencer and reaching out to stem the tide.  It just goes to show you how far blogging has come. But enough about the power of blogs, lets talk about Rohati.

The best way for me to describe Rohati is that it is layer 7 ACLs to control access to applications.  Where we already have security at the perimeter and at the edge, Rohati is about controlling access at the server/application.  The diagram on the left (click on it to get a bigger version), is a good illustration of how Rohati works. By integrating with LDAPs Rohati can assign you an access policy to any application.  Based upon that Rohati gives a very fine grain level of access control at the application layer.  It acts as a proxy to the app server for both regular and encrypted traffic.  Because the ACLs are on the Rohati box itself, there really is not any integration with switches per say and so no integration worries.

The only problem is that the Rohati box has to be able to handle the traffic flow.  Hence the box is a big honker.  The cheap one is about 20k list I believe and the industrial size version is 80k. This product is aimed squarely at the data center space and is sold through channels.

Will Rohati succeed.  Yes, I think it will.  I think they have taken a unique approach to a security issue that will continue to grow in years to come.  Application access is an area that I think is still up and coming.  In a period of nothing is ever new in security, the Rohati team seems to have found something that has not been done before in a packaged dedicated way like this.  If nothing else, with all of the ex-Cisco folks there, Cisco will eat its young and buy the technology back in.

We will watch Rohati's progress in the months to come.  At the very least, it seems they are blog savvy enough to navigate the waters of social media.  Maybe they will start their own blog soon.

Last week in response to Richard Stiennon's glowing write up, I questioned what it is exactly that Rohati does. Well someone from Rohati must have seen it and I was contacted by the Rohati team and offered a peek and a deep explanation of exactly what Rohati does.  So today I had a chance to speak with Shane Buckley, CEO, Prashant Ghandi VP of product management and strategy and Steven Wastie, VP of marketing.  I was impressed that such a triumvirate of power players from the Rohati team took the time to speak to me.  But I guess after I wrote what I did, it was followed up by JJ writing her article on it and than Rothman piling on with his own two cents. 

Give the Rohati team credit for recognizing the power of blogs to influence the influencer and reaching out to stem the tide.  It just goes to show you how far blogging has come. But enough about the power of blogs, lets talk about Rohati.

The best way for me to describe Rohati is that it is layer 7 ACLs to control access to applications.  Where we already have security at the perimeter and at the edge, Rohati is about controlling access at the server/application.  The diagram on the left (click on it to get a bigger version), is a good illustration of how Rohati works. By integrating with LDAPs Rohati can assign you an access policy to any application.  Based upon that Rohati gives a very fine grain level of access control at the application layer.  It acts as a proxy to the app server for both regular and encrypted traffic.  Because the ACLs are on the Rohati box itself, there really is not any integration with switches per say and so no integration worries.

The only problem is that the Rohati box has to be able to handle the traffic flow.  Hence the box is a big honker.  The cheap one is about 20k list I believe and the industrial size version is 80k. This product is aimed squarely at the data center space and is sold through channels.

Will Rohati succeed.  Yes, I think it will.  I think they have taken a unique approach to a security issue that will continue to grow in years to come.  Application access is an area that I think is still up and coming.  In a period of nothing is ever new in security, the Rohati team seems to have found something that has not been done before in a packaged dedicated way like this.  If nothing else, with all of the ex-Cisco folks there, if nothing else Cisco will eat its young and buy the technology back in.

We will watch Rohati's progress in the months to come.  At the very least, it seems they are blog savvy enough to navigate the waters of social media.  Maybe they will start their own blog soon.

Stiennon talks about Rohati and their ‘new’ approach to NAC in the form of their NBEC, Network-based Entitlement Control. I, unlike some bloggers in our network, decided to check it out before formulating an opinion.

So, I checked it out and I’m a little disappointed… on several fronts. First, all the information I have with which to draw a conclusion is limited to the online ‘product demo’ available on their website. It’s not really a product demo, hence disappointment number 1.

Let down number 2 comes in the realization that the features they’re touting in the ‘product demo’ are actually things we can do today, with traditional hardware-based NAC solutions from those daily house-hold names… Symantec, StillSecure, Juniper, ProCurve, Enterasys and even Cisco. Rohati does (potentially) have a unique statement of being able to enforce policies without touching the client. But, again, we ‘can’ do that with several of the products I just mentioned. And I’m wondering how we could create the tunnel-like enforcement and security Rohati claims to offer without some type of agent on the client… after all, any encryption tunnel has to have endpoints, right?

I attempted what I usually do when I’m checking out security solutions, I went to the support section of the website to download product manuals or configuration and implementation guides. Even some white papers. I wanted to see how they’re really going about it all. But, disappointment number 3 jumped up and got me when I saw that the only resource on their support page was an email address. Hmm….

The company seems to be comprised mostly of long-term ex-Cisco employees. Out of the 8 members of the management team, there’s 1 President, 6 VPs and a director- 5 of which are co-founders. With just 2 years under their belt, I’m wondering what all they can have up their sleeve past a slight variation of current NAC solutions.

I may be completely wrong about the company and product(s). If I am, I’m sure someone will offer to send over some product manuals for me to read through…

The bottom line is… a rose by any other name would smell as sweet… or stink as bad.

# # #

Sir Lancelot or Guinevere? Hey don't laugh it could happen to you. In the meantime what has Richard so hot and bothered that he is subscribing mythical qualities to Rohati?  It seems they are using a layer 4 to 7 firewall to control access to applications. They call it network based entitlement control.  I wonder how they stack up to Palo Alto Networks and some of the other next gen application aware, access control firewall products.  From what I understand Nevis Networks and ConSentry can do similar things with the firewalls in their secure switches.

Nevertheless Rohati has gotten some good press, albeit with most coverage carping on the fact that they are founded by former Cisco employees (there are enough former Cisco employees to found many companies I would think). I do think that application aware access control is of tremendous value and this technology will find its way into many technologies. It is a logical extension of identity based access control. 

As usual though Richard can't resist taking a few cheap shots at NAC vendors.  In Richards idyllic view of Camelot, somehow performing pre-connect health or integrity tests is the devils own work.  Richard will just admit that these tests have value and people want them.  They do not preclude doing the rest of the job of access control that Richard seems to approve of though.  Alas, Richard and I have danced this dance before though and I am not going to get into the why it is important.  In fact, here is a new tact for you Richard, it is not important. If you are not going to be convinced, forget about them.  Look beyond admission control tests at what NAC vendors offer around access control and you may find similar type of technology to Rohati in the near future. 

Until than though Richard let me paraphrase Merlin from the movie Camelot "Never be too disturbed if you don't understand what a former analyst is thinking. They don't do it very often".

Sir Lancelot or Guinevere? Hey don't laugh it could happen to you. In the meantime what has Richard so hot and bothered that he is subscribing mythical qualities to Rohati?  It seems they are using a layer 4 to 7 firewall to control access to applications. They call it network based entitlement control.  I wonder how they stack up to Palo Alto Networks and some of the other next gen application aware, access control firewall products.  From what I understand Nevis Networks and ConSentry can do similar things with the firewalls in their secure switches.

Nevertheless Rohati has gotten some good press, albeit with most coverage carping on the fact that they are founded by former Cisco employees (there are enough former Cisco employees to found many companies I would think). I do think that application aware access control is of tremendous value and this technology will find its way into many technologies. It is a logical extension of identity based access control. 

As usual though Richard can't resist taking a few cheap shots at NAC vendors.  In Richards idyllic view of Camelot, somehow performing pre-connect health or integrity tests is the devils own work.  Richard will just admit that these tests have value and people want them.  They do not preclude doing the rest of the job of access control that Richard seems to approve of though.  Alas, Richard and I have danced this dance before though and I am not going to get into the why it is important.  In fact, here is a new tact for you Richard, it is not important. If you are not going to be convinced, forget about them.  Look beyond admission control tests at what NAC vendors offer around access control and you may find similar type of technology to Rohati in the near future. 

Until than though Richard let me paraphrase Merlin from the movie Camelot "Never be too disturbed if you don't understand what a former analyst is thinking. They don't do it very often".

While waiting for the pan-out of the Cisco System's acquisition of Securent, I can't help but wonder how Cisco is going to develop the Securent technology in its future products. Will the Securent policy engine (PDP) be used 1) as a main point for policy management and enforcement for network equipment, OR 2) will they continue using the product along the 'Securent-intended' path: enforcing fine grained application level policies by integrating policy enforcement points into applications, OR  3) managing fine grained authorizations on the network layer (without the need to open up applications), similarly to BayShore Networks, Autonomic Networks, and Rohati Systems? Without a comprehensive identity and access management offering (IAM), Cisco will probably be fit best to do 1) and 3) described above. This seems most consistent with Cisco's background and culture.